I elected not to prepend 'search' automagically to the beginning of a job because you may need to create different jobs other than a direct 'search'. The Splunk UI does this automatically when using its interface.
So a valid 'search' job would look like 'search 404:error host="www.benwoodall.com"'

By default, a search with no 'earliest_time' option is set to '-15m' to only search the last 15 minutes.
To change this:

  splunk.create_job('search SEARCH TERM', ":earliest_time => '-60m'")

Available options can be found at:
http://docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs
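An added example, not rSplunk's own code: a hypothetical +job_params+ helper that applies the '-15m' default described above, passes the search string through unchanged, and rejects option names outside a small allowlist so a misspelled key is caught before the request is sent. The helper names and the allowlist (a subset of the documented options) are assumptions.

```ruby
require 'uri'

# Hypothetical helper, not part of rSplunk.
# Allowlist: a subset of the options documented for POST search/jobs.
KNOWN_JOB_OPTIONS = %w[earliest_time latest_time max_count max_time
                       exec_mode status_buckets timeout].freeze

# Default window described in the README: only the last 15 minutes.
DEFAULT_JOB_OPTIONS = { 'earliest_time' => '-15m' }.freeze

# Build the parameter hash for a search job.
def job_params(search, options = {})
  query = search.to_s.strip
  raise ArgumentError, 'search string is empty' if query.empty?

  # Normalise symbol or string keys, then refuse anything not on the allowlist.
  opts = options.map { |k, v| [k.to_s, v.to_s] }.to_h
  unknown = opts.keys - KNOWN_JOB_OPTIONS
  unless unknown.empty?
    raise ArgumentError, "unknown job option(s): #{unknown.join(', ')}"
  end

  # The search string is sent as given: nothing is prepended, so the caller
  # writes the leading 'search' (or another command) explicitly.
  { 'search' => query }.merge(DEFAULT_JOB_OPTIONS).merge(opts)
end

# Form-encode the parameters so quotes and spaces in the search survive.
def job_body(search, options = {})
  URI.encode_www_form(job_params(search, options))
end
```
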

=== To list job results:

  splunk.job_results(res)
  => XML results

== REQUIREMENTS:

Access to a working Splunk environment.

* faraday
* faraday_middleware

== INSTALL:

gem install rsplunk

== Upcoming Features:

* include ALL THE ENDPOINTS!
* move to httparty

== Contributing to rSplunk

* Start a feature/bugfix branch.
* Commit and push until you are happy with your contribution.
* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or it is otherwise necessary, that is fine, but please isolate it to its own commit so I can cherry-pick around it.